Russian security firm cracks iOS 4's hardware encryption

A Russian security firm has announced the first commercially available toolkit capable of cracking the encryption and passwords on Apple's latest mobile devices. ElcomSoft says its software can bypass the security that protects data such as SMS messages, pictures, emails, geolocation data, web browsing history on the iPhone 3GS, iPhone 4 as well as recent iPods and iPads.

Starting with iOS 4, Apple has employed a hardware encryption system called Data Protection that stores a user-defined password on an embedded chip using 256-bit AES encryption. What's more, files stored on iOS 4 are secured with a device-specific encryption key known as a unique ID or UID. Naturally, ElcomSoft's toolkit obtains these keys -- one way or another.

Although the company didn't offer any great details on how its software procures a device's UID, it noted that the default "Simple passcode" option used by Apple's device can be bruteforced with relative ease as it only requires a four-digit password. With only 10,000 possible combinations, an iPhone 4's passcode can be hacked in 20 minutes (40 minutes being the longest).

If the user's passcode can't be bruteforced outright, the firm's toolkit can obtain a device's escrow keys. "Escrow keys are created and stored by the iTunes when you first plug an iOS device to the computer. Having a set of escrow keys collected from a computer to which an iOS device was once connected gives the same powers as knowing the passcode," ElcomSoft explained.

ElcomSoft's software won't be available to everyone, considering it can unlock essentially all of the personal data someone might have on an iOS device. The company says it will only sell its tools to established law enforcement, forensic and intelligence agencies, and "select" government organizations. That said, ElcomSoft does publicly sell an iOS-compatible "password breaker."